A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
The product does not handle or incorrectly handles an exceptional condition.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 67.0 (excluding) |
| Firefox_esr | Mozilla | * | 60.7.0 (excluding) |
| Thunderbird | Mozilla | * | 60.7.0 (excluding) |
| Firefox | Ubuntu | upstream | * |
| Mozjs38 | Ubuntu | bionic | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | bionic | * |
| Mozjs52 | Ubuntu | cosmic | * |
| Mozjs52 | Ubuntu | disco | * |
| Mozjs52 | Ubuntu | eoan | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | groovy | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs60 | Ubuntu | cosmic | * |
| Mozjs60 | Ubuntu | disco | * |
| Mozjs60 | Ubuntu | eoan | * |
| Mozjs60 | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | upstream | * |